US-CERT Current Activity
https://www.us-cert.gov/ncas/current-activity.xml

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
https://www.us-cert.gov/ncas/current-activity/2015/03/26/Cisco-Releases-Semiannual-IOS-Software-Security-Advisory-Bundled

Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak.

US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply the necessary updates.

A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.

US-CERT advises users to ensure their devices are running an up-to-date version of Android and to use caution when installing software from third-party app stores.

Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

Firefox 36.0.4

Firefox ESR 31.5.3

SeaMonkey 2.33.1

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and SeaMonkey and apply the necessary updates.

OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a Denial of Service attack against the server.

Ubuntu has released a security update to address multiple vulnerabilities in PHP5 affecting Ubuntu 14.10, 14.04 LTS, 12.04 LTS, and 10.04 LTS. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code.

Users and administrators are encouraged to review Ubuntu Security Notice USN-2535-1 and apply the necessary updates.

Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system.

Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. Exploitation of one of these vulnerabilities (FREAK) could allow a remote attacker to decrypt secure communications between vulnerable clients and servers.